News & Events

Google Chrome will force you to go secure

Posted by Cătălin on Fri, 9 Sep 2016

Google Chrome is moving towards a more secure web through SSL/HTTPS. Chrome browser will start warning users when websites are not using secure connections

Google Chrome Security Team announced on Sept. 8th 2016 that Chrome browser will start warning users when websites are not using secure connections (SSL/HTTPS) and transmit sensitive data as insecure. The warning will appear in the address bar of the browser starting with January 2017 and will call users’ attention to the fact that their personal information could be stolen.

The changes intended to pressure websites owners to switch to the more secure HTTPS, which encrypts data while in transit and helps prevent the website from being modified by a malicious user on the network.

Emily Schechter from Chrome Security Team posted:

“Don’t wait to get started moving to HTTPS. HTTPS is easier and cheaper than ever before, and enables both the best performance the web offers and powerful new features that are too sensitive for HTTP” Read full article here

Why do you need HTTPS and SSL?

If you are collecting sensitive information from your patients on your website, then you absolutely need a SSL certificate.

Google also announced that they will be using HTTPS and SSL as a ranking signal in their search results. This means that using HTTPS and SSL will help improve your website's ranking on Google.

Don’t worry, if you have no idea what SSL is...

I'm going to explain this as well:

Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your patient browser and your website are encrypted.

When a patient connect to your website with HTTP, your browser looks up the IP address that corresponds to the website, connects to that IP address, and assumes it's connected to our web servers. Data is sent over the connection in clear text, so a malicious user on a Wi-Fi network can see any data is transferred over the web (personal health information, X-Rays, passwords, etc...)

To summarize, HTTP has problems because HTTP connections are never encrypted. HTTPS adds encryption in an attempt to fix these problems.

If you are an existing client and your website is not secure yet, we can help.